PT-2020-4595 · Marketo · Marketo Sales Insight Plugin

Published: 2020-10-20 · Updated: 2020-10-22 · CVE-2020-24416

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Marketo Sales Insight plugin version 1.4355 and earlier

Description

The issue is related to a blind stored Cross-Site Scripting (XSS) vulnerability. This could allow an attacker to inject malicious scripts into vulnerable form fields. When a victim browses to the page containing the vulnerable field, malicious JavaScript may be executed in their browser. The vulnerability is also associated with a lack of input data sanitization, which could enable a remote attacker to execute arbitrary JavaScript code.

Recommendations

For Marketo Sales Insight plugin version 1.4355 and earlier, update to a version that addresses the input data sanitization issue and fixes the blind stored Cross-Site Scripting (XSS) vulnerability. As a temporary workaround, consider restricting access to vulnerable form fields to minimize the risk of exploitation.

Fix

XSS


Weakness Enumeration

Related Identifiers

BDU:2020-05144
CVE-2020-24416

Affected Products

Marketo Sales Insight Plugin